Authors: Cong-Binh Le 1,2; Bao-Thi Nguyen-Le 1,2; Phuoc-Loc Truong 1,2; Minh-Triet Tran 1,2 and Anh-Duy Tran 3
Affiliations: 1 Faculty of Information Technology, University of Science, Ho Chi Minh City, Vietnam; 2 Vietnam National University, Ho Chi Minh City, Vietnam; 3 imec-DistriNet, KU Leuven, Leuven, Belgium
Keyword(s):
Android Studio Plugin, Security Coding, Rule-Set Customizable, DevSecOps.
Abstract:
Although Android is a popular mobile operating system, its app ecosystem could be safer. The lack of awareness and concern for security issues in apps is one of the main reasons for this. Given the current situation, developers have yet to receive sufficient security knowledge. Therefore, we have researched and proposed a tool to support security coding. Based on the idea of DevSecOps, developers are placed at the center to optimize the solution to this problem by integrating security programming into an earlier stage of the software development process. This paper presents two main research contributions: the compilation and categorization of security issues in Android application development, and the development of ArmorDroid, a plugin for Android Studio to support secure coding. This plugin, which can be used for Java, Kotlin, and XML files, can instantly scan and detect vulnerable code and suggest quick fixes for developers during the development phase. This plugin helps developers improve their security code and trains them to write secure code by providing security coding standards in Android applications. Furthermore, developers can customize our rule set to suit their situation and share it with different developers. Our work also presents the results of a pilot study on the effectiveness of the ArmorDroid plugin.